Security Analyst

Responsibilities

• Develop Security Authorization Packages aligned with FISMA and FedRAMP requirements under the supervision of senior consultants.
• Create and maintain key authorization artifacts, including System Security Plans (SSP), Contingency Plans, Configuration Management Plans, Incident Response Plans, Privacy Impact Assessments, Security Assessment Plans, and Security Assessment Reports.
• Assist in reviewing Security Authorization Packages to ensure completeness, accuracy, and compliance with federal standards.
• Participate in client interviews and working sessions to gather information required for security assessments and authorization documentation.
• Ensure security documentation remains current throughout the system lifecycle.
• Analyze and interpret vulnerability scan results from tools such as SentinelOne, Qualys, AppDetective, WebInspect, IBM AppScan, and Burp Suite.
• Collaborate with clients to define risk mitigation strategies and prioritize remediation activities.
• Build strong customer relationships and serve as a trusted security advisor.
• Drive working sessions to align project scope, expectations, and timelines.
• Establish and improve security standards, procedures, and controls to minimize organizational risk.
• Support project delivery from initiation through closure, ensuring high-quality outcomes.
• Collaborate with cross-functional internal teams to ensure successful execution of security engagements.
• Stay current with evolving regulatory frameworks, cloud security, and emerging threats.

Qualifications

Required:

• 3–5 years of experience in information security, risk management, or compliance consulting.
• Demonstrated familiarity with FISMA and NIST 800-series frameworks, including 800-30, 800-37, 800-53, 800-53A, and 800-60.
• Strong understanding of risk assessment, control implementation, and security documentation.
• Experience supporting FedRAMP or federal security compliance initiatives.
• Excellent written and verbal communication and presentation skills.
• Ability to engage directly with clients and present technical and compliance findings.
• Strong analytical and problem-solving skills.
• Ability to work in fast-paced, client-driven environments.
• U.S. Citizenship required.

Preferred:

• Professional certifications such as CISSP, CEH, CAP, Security+, GSEC, CCNA, CCNP, CASP, or AWS certifications.
• Experience with SOC 2, PCI-DSS, Reg SCI, or other regulatory frameworks.
• Experience working in cloud environments such as AWS or Azure.
• Exposure to security tools and platforms such as Splunk and ServiceNow.
• Experience supporting AI or cloud-native security programs.
• Consulting or client-facing experience.

Candidates are required to be living in the MVD area at the time of the interview.